Lucene search
HistoryNov 17, 2010 - 4:00 p.m.
CVE-2010-3868
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.006
Percentile
78.6%
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
Affected configurations
Node
redhatcertificate_systemMatch7.3
ORredhatcertificate_systemMatch8
Node
redhatdogtag_certificate_system
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | certificate_system | 7.3 | cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:* |
| redhat | certificate_system | 8 | cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:* |
| redhat | dogtag_certificate_system | * | cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2010-3868
2010-11-17 16:00:01
cvelist
cvelist
CVE-2010-3868
2010-11-17 15:00:00
veracode
veracode
Unauthenticated Access
2020-04-10 00:55:19
prion
prion
Authentication flaw
2010-11-17 16:00:00
nessus
nessus
RHEL 5 : pki (RHSA-2010:0838)
2024-04-21 00:00:00
redhat
redhat
(RHSA-2010:0838) Moderate: pki security and enhancement update
2010-11-08 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.006
Percentile
78.6%
Related for NVD:CVE-2010-3868